TryHackMe: Network Services 2 writeup (w.i.p)

This is a work in progress.

Task 1: Get connected

  • No answer needed

Task 2: Understanding NFS

Question 1: What does NFS stand for?

  • Network File System

Question 2: What process allows an NFS client to interact with a remote directory as though it was a physical device?

  • Mounting
  • "A mount point is a directory to which the mounted file system is attached"

Question 3: What does NFS use to represent files and directories on the server?

  • File Handle

Question 4: What protocol does NFS use to communicate between the server and client?

  • RPC

Question 5: What two pieces of user data does the NFS server take as parameters for controlling user permissions?

  • User ID / Group ID

Question 6: Can a Windows NFS server share files with a Linux client? (Y/N)

  • Y

Question 7: Can a Linux NFS server share files with a MacOS client? (Y/N)

  • Y

Question 8: What is the latest version of NFS?

  • 4.2

Task 3: Enumerating NFS

Question 1: How many ports are open?

  • Run an aggressive nmap scan on all ports of the target machine
  • 7 ports open

Question 2: Which port contains the service we're looking to enumerate?

  • From the nmap report we can see that port 2049 is running the NFS service

Question 3: What is the name of the visible share?

  • Use command /usr/sbin/showmount -e {MACHINE_IP}
  • Answer is "/home"

Question 4: Mount the NFS share to your local machine; what is the name of the folder inside?

  • Use template code provided "sudo mount -t nfs IP:share /tmp/mount/ -nolock"
  • Change the value "share" to be the name of the share we want to mount i.e. "/home" and use the local machine directory you created
  • Then navigate to the /tmp/mount/ dir
  • The folder is called cappucino


Question 5

  • No answer needed

Question 6: Which of these folders could contain keys that would give us remote access to the server?

  • Open the cappucino folder and list all contents, including hidden files
  • We know SSH is used to access machines remotely

Question 7: Which of these keys is most useful to us?

  • List the contents of the ssh directory
  • We know from previous tasks that id_rsa can be used as the private key

Question 8: Log in to the machine

  • Read "id_rsa.pub" using "cat id_rsa.pub" and you will find a username, cappucino@polosnfs
  • Copy the "id_rsa" file to the local machine, using "cp ~/tmp"
    • We use ~ because it automatically refers to the home directory of the current user, so /root in this instance
  • Change the permissions of the file using "chmod 600 id_rsa"
  • Log in to the machine using "ssh -i id_rsa cappucino@"
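
A defender's view of the exposure walked through in this task, as an added example that is not part of the original writeup: the first function flags risky entries in "showmount -e" output, and the second lists private key files sitting inside an exported tree. The function names, the list of sensitive paths, the sample export list and the temporary directory are constructed assumptions.

```shell
#!/bin/sh
# Added example (defensive audit); names and sample data are constructed.

# Read `showmount -e` output on stdin; print "path<TAB>reason" per finding.
audit_exports() {
    awk '
        /^Export list/ || NF == 0 { next }      # skip header and blank lines
        {
            path = $1; clients = $2
            if (clients == "*" || clients == "(everyone)")
                print path "\topen to any client"
            if (path ~ /^\/(home|root|etc)(\/|$)/)  # assumed sensitive roots
                print path "\texports a sensitive directory"
        }'
}

# List files under directory $1 that contain a private key header.
find_exposed_keys() {
    find "$1" -type f -exec grep -l -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' {} + 2>/dev/null || :
}

# Constructed sample input: an export list and a fake exported tree.
sample_exports='Export list for 192.0.2.10:
/home *
/srv/build 192.0.2.0/24'

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/cappucino/.ssh"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' \
    > "$demo_dir/cappucino/.ssh/id_rsa"
printf 'ssh-rsa constructed-placeholder cappucino@polosnfs\n' \
    > "$demo_dir/cappucino/.ssh/id_rsa.pub"

printf '%s\n' "$sample_exports" | audit_exports
find_exposed_keys "$demo_dir"
```

Run on the NFS server, find_exposed_keys would be pointed at the real export root instead of the temporary directory.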

Task 4: Exploiting NFS

Question 1

  • No answer needed

Question 2: Download the bash executable to your Downloads folder, then copy the bash executable to the NFS share

Task 5: Understanding SMTP

Task 6: Enumerating SMTP

Task 7: Exploiting SMTP

Task 8: Understanding MySQL

Task 9: Enumerating MySQL

Task 10: Exploiting MySQL

Task 11: Further Learning

  • No answer needed